Google has expanded enforcement of its unwanted software policy on Android devices, as part of what it says is an effort to protect users from deceptive and overly intrusive apps.
Starting in 60 days, Google’s Safe Browsing tool will warn mobile users when they use any application that collects personal data without the user’s consent. The same warning will appear when an Android user arrives on a website that contains links to applications that collect personal data without permission.
Developers of applications that handle personal user data, including email addresses, phone numbers or other device data, will need to include a message alerting users to that fact and provide their own privacy policy as well.
Developers of apps that collect user data for purposes unrelated to the application’s core function will now have to spell out why they are collecting the data and how they plan on using it. Users will need to provide their consent before the application can be used.
“These data collection requirements apply to all functions of the app,” said Paul Stanton, a member of the Google Safe Browsing team, in a blog post announcing plans for the expanded enforcement.
As one example, Stanton said an application would not be permitted to send data unrelated to the app during app analytics and crash reporting sessions without it first notifying the user of what it is doing and obtaining permission for that transmission.
The requirements apply to all Android applications that are available via Google’s Play store as well as those downloaded to Android devices from outside the mobile app store.
In announcing plans for the expanded enforcement, Google also published new guidance for developers on how Android apps on Google Play should provide disclosure and handle personal user data.
All requests for access to data, for instance, will need to make sense to users and be limited to the data required for existing application functionality. Developers will not be able to ask for access to data for features and functions that they have not yet fully implemented.
Google’s new disclosure requirements call on app developers to ensure that any data they collect and notices pertaining to such collection are compliant with US-EU Privacy Shield principles.
Google describes unwanted software as any application or tool that is deceptive or tries to trick users into installing it by promising a false value proposition. Apps that fail to disclose all of their functionality, behave in unexpected ways or are difficult to remove are also classified as unwanted software.
Google has long maintained that such unwanted and potentially harmful applications pose as much of a risk to users as purpose-built malware, if not an even bigger one. Earlier this year, in May, the company announced a new always-on service called Play Protect that, among other things, scans Android applications running on a user’s device for potentially unwanted behavior.
Google currently offers a list of general recommendations on what Android developers can do to ensure their applications are not flagged as potentially harmful to users.